- 10-22-2007 #1 Just Joined!
- Join Date
- Dec 2006
- Posts
- 3
SSH woes
I've attempted to set up a tunnel between port 80 on my Linux box at uni (Debian testing) and my box at home (Debian stable). In theory this should allow me to tunnel through the university firewall and connect to my box at home (I believe). I've tested the connection and it works both on my home network and across the internet from a friend's house, yet it will not connect through the uni firewall. I've googled and tried many configurations but I'm out of ideas (or perhaps don't have a complete understanding of the system). If anyone can advise me as to the issue I would be most grateful.
(I edited the HTTP address and any other sensitive info as I assumed it would be prudent).
roadrunner:/home/user# ssh -v home.address.org
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for home.address.org
debug1: Connecting to home.address.org [xxx.xxx.xxx.xxx] port 80.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'home.address.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
Read from socket failed: Connection reset by peer
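As a reading aid for the debug trace in the post above (an added example, not part of the original thread): the sketch below maps ssh -v output onto the SSH-2 handshake milestones and reports the last one reached before the connection dropped. The stage names, the diagnose function and the SAMPLE excerpt are assumptions made for illustration; the sample lines are taken from the trace above.

```python
import re

# Client-side SSH-2 milestones, in order, as printed by OpenSSH's ssh -v.
STAGES = [
    ("tcp_connected", r"debug1: Connection established\."),
    ("banner_exchanged", r"debug1: Remote protocol version "),
    ("kexinit_exchanged", r"debug1: SSH2_MSG_KEXINIT received"),
    ("host_key_accepted", r"debug1: Host '.*' is known and matches"),
    ("newkeys_exchanged", r"debug1: SSH2_MSG_NEWKEYS received"),
    ("service_requested", r"debug1: SSH2_MSG_SERVICE_REQUEST sent"),
    ("service_accepted", r"debug1: SSH2_MSG_SERVICE_ACCEPT received"),
]
NEWKEYS = 4  # index in STAGES; packets sent after NEWKEYS are encrypted
FAILURE = re.compile(r"Connection (reset|closed)|Read from socket failed")

def diagnose(log_text):
    """Return (last_stage, encrypted, error_line) for an ssh -v trace."""
    idx, error = -1, None
    for raw in log_text.splitlines():
        line = raw.strip()
        for i, (_, pattern) in enumerate(STAGES):
            if i > idx and re.match(pattern, line):
                idx = i
        # Error messages are printed without the debugN: prefix.
        if not line.startswith("debug") and FAILURE.search(line):
            error = line
            break
    last = STAGES[idx][0] if idx >= 0 else "no_tcp_connection"
    return last, idx >= NEWKEYS, error

# Excerpt of the trace posted above (hostname as redacted by the poster).
SAMPLE = """\
debug1: Connecting to home.address.org [xxx.xxx.xxx.xxx] port 80.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: Host 'home.address.org' is known and matches the RSA host key.
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
Read from socket failed: Connection reset by peer
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On this excerpt the result is service_requested with encrypted set to True: the reset arrived after key exchange had finished, once the client had sent its first encrypted packet.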
- 10-26-2007 #2
Hmm, universities normally run firewalls for a bloody good reason. If it's stopping you from getting out and connecting via ssh, then it seems to have done the job it was set up for.
Of course, you could try moving your ssh hosted port to something random and above 1024. No guarantees this will work, of course, because we don't know how strict the university firewall is.
The next step from this is to run squid on your Debian box at home, and forward the squid proxy port over the tunneled ssh connection - then you can run your web browser on the remote machine and tell it to connect to the 'localhost' proxy port, which will then go out over the tunneled connection and to the internet from your home.
Linux user #126863 - see http://linuxcounter.net/
- 10-26-2007 #3 Just Joined!
- Join Date
- Dec 2006
- Posts
- 3
Thanks Roxoff, I actually just want to be able to connect to my box to monitor it and chat to my family (via my IRC server). The university is quite draconian in the services it allows you to use; I am away from home for long periods, and being able to say hello without worrying about the cost is my primary aim. I had hoped to use the HTTP MSN server but it's being blocked. I don't know if it's worth pointing out, but I'm obviously running a Debian/GNU based laptop to connect to home, so I'm not installing or modifying any of the university computers (which are understandably locked down). Ports are restricted to 80, 443 and incoming FTP on 21.
IT support here seems to be non-existent for students; you talk to a member of the library staff who, if you're lucky, will make an enquiry for you and get back to you... whenever. It's not a friendly set-up. I'm sure IT are simply tired of lazy users making frivolous enquiries and have planned it that way.
Anywho, sob story aside, I have read the university's documentation carefully and it does not state anywhere that what I'm doing is prohibited. I'm not interested in setting up or using an HTTP proxy and I simply wanted to back up my files, monitor my server and most importantly 'call home' - so to speak.



